Ireland’s Data Protection Commission (DPC) opened an inquiry into Google Ireland Ltd. over user data collection during online advertising. The DPC will enquire whether Google’s online Ad Exchange was compliant to general data protection regulations (GDPR).
The Data Protection Commission became the lead supervisory authority for Google in the European Union in January, this year. This is the Irish commission’s first statutory inquiry into Google since then. DPC also offers a so-called “One Stop Shop” for data protection regulation across the EU.
This investigation follows last year’s privacy complaint filed under Europe’s GDPR pertaining to Google Adtech’s real-timing bidding (RTB) system. This complaint was filed by a host of privacy activists and Dr. Johnny Ryan of private browser Brave. Ryan accused Google’s internet ad services business, DoubleClick/Authorized Buyers, of leaking users’ intimate data to thousands of companies.
Google bought the advertising serving and tracking company, DoubleClick, for $3.1bn (£2.4bn) in 2007. DoubleClick uses web cookies to track browsing behavior online by IP addresses to deliver targeted ads.
Also, this week, a new GDPR complaint against Real-Time Bidding (RTB) was filed in Spain, Netherlands, Belgium, and Luxembourg.
Parallels to our adtech/real-time bidding GDPR complaint were today filed in 4 more countries
🇪🇸 @gemmagaldon @EticasFdn
🇳🇱 @bitsoffreedom, David Korteweg
🇧🇪 @Jausl00s @PiDewitte
🇱🇺 Jose Bello
Europeans demand regulatory action on insecure web trackinghttps://t.co/3dbPoGxbDw
— Michael Veale (@mikarv) May 20, 2019
Ireland’s statutory inquiry is pursuant to section 110 of the Data Protection Act 2018 and will also investigate based on the various suspicions received. “The GDPR principles of transparency and data minimization, as well as Google’s retention practices, will also be examined”, the DPC blog mentions.
It has been a year since GDPR was introduced on May 25, 2018, which gave Europeans new powers in how they can control their data.
Ryan said in a statement, “Surveillance capitalism is about to become obsolete. The Irish Data Protection Commission’s action signals that now — nearly one year after the GDPR was introduced — a change is coming that goes beyond just Google. We need to reform online advertising to protect privacy, and to protect advertisers and publishers from legal risk under the GDPR”.
See part of my testimony at the US Senate Judiciary Committee yesterday for a summary of the issues https://t.co/FCPqQegEbt
— Johnny Ryan (@johnnyryan) May 22, 2019
Google was also fined a sum of 50 million euros ($56 million) earlier this year by France’s privacy regulator, in the first penalty for a U.S. tech giant since the EU’s GDPR law was introduced. Also, in March, the EU fined Google 1.49 billion euros for antitrust violations in online advertising, a third antitrust fine by the European Union against Google since 2017.
A Google spokesperson told CNBC, “We will engage fully with the DPC’s investigation and welcome the opportunity for further clarification of Europe’s data protection rules for real-time bidding. Authorized buyers using our systems are subject to stringent policies and standards.”
To know more about this news, head over to DPC’s official press release.